Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 10a7ef33 authored by David Miller's avatar David Miller Committed by Steffen Klassert
Browse files

ipsec: Fix dst leak in xfrm_bundle_create(). 



If we cannot find a suitable inner_mode value, we will leak
the currently allocated 'xdst'.

The fix is to make sure it is linked into the chain before
erroring out.

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
parent c0576e39

net/xfrm/xfrm_policy.c

+8 −8
Original line number Diff line number Diff line
@@ -1573,6 +1573,14 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy, 
			goto put_states;

		}



		if (!dst_prev)

			dst0 = dst1;

		else

			/* Ref count is taken during xfrm_alloc_dst()

			 * No need to do dst_clone() on dst1

			 */

			dst_prev->child = dst1;



		if (xfrm[i]->sel.family == AF_UNSPEC) {

			inner_mode = xfrm_ip2inner_mode(xfrm[i],

							xfrm_af2proto(family));
@@ -1584,14 +1592,6 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy, 
		} else

			inner_mode = xfrm[i]->inner_mode;



		if (!dst_prev)

			dst0 = dst1;

		else

			/* Ref count is taken during xfrm_alloc_dst()

			 * No need to do dst_clone() on dst1

			 */

			dst_prev->child = dst1;



		xdst->route = dst;

		dst_copy_metrics(dst1, dst);